07-16-2009 11:39 AM - edited 07-03-2021 05:49 PM
I'm trying to set up two b/g 1231s in Point-to-Point bridge mode with local-radius eap on the root and WPA/TKIP.
Config looks identical to what's running on 13xx & 14xx bridges but the local-radius server on the root keeps showing up as dead and the two bridges never complete the auth process.
IOS is c1200-k9w7-mx.123-8.JEB1.
Trunking two vlans, one for mgt. & one for users across the street.
WPA-PSK works and it looks like I could fall back to WEP-LEAP too.
Anybody tried this? Ideas, suggestions?
Thanks!
07-17-2009 12:06 PM
Are you doing LEAP+WPA/TKIP? I've tested this setup with bridging+multiple vlans+wpa/wpa2+tkip/aes+LEAP/EAP-FAST/EAP-TLS+local EAP, and they all worked. Can you post your config?
You mentioned that WEP+LEAP worked and also that local-radius server shows up as dead, so I'm not sure if your local EAP is actually working.
Make sure you are using auth-port 1812 (not default 1645). Here's a sample config:
aaa group server radius rad_eap
 server 192.168.0.1 auth-port 1812 acct-port 1813
!
aaa authentication login eap_methods group rad_eap
!
radius-server host 192.168.0.1 auth-port 1812 acct-port 1813 key cisco
!
radius-server local
 nas 192.168.0.1 key cisco
 user X password Y
07-17-2009 01:40 PM
Thanks. I just got back from installing them. I rebuilt the configs from scratch, changing the auth ports and I had missed entering the nas IPs.
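Added example, not part of the thread or Cisco's tooling: a small Python check for the two faults that resolved it (auth-port left at the default 1645, and no nas entry for the AP's own address under radius-server local), plus a shared-key comparison. The function name, the local_ip parameter and the BROKEN sample config are assumptions constructed for illustration.

```python
import re

LOCAL_AUTH_PORT = 1812    # port the reply says to use for the local server
DEFAULT_AUTH_PORT = 1645  # what IOS uses when auth-port is omitted

# Constructed sample with the two faults from the thread; IP and key are placeholders.
BROKEN = """aaa group server radius rad_eap
 server 192.168.0.1
!
radius-server host 192.168.0.1 key cisco
!
radius-server local
 user X password Y
"""

def check_local_radius(config, local_ip):
    """Return findings for an AP that authenticates against its own local RADIUS server."""
    hosts, group, nas, section = {}, {}, {}, None
    for line in (raw.strip() for raw in config.splitlines()):
        if not line or line == "!":
            section = None          # "!" or a blank line closes a sub-mode block
            continue
        words = line.split()
        m = re.search(r"auth-port (\d+)", line)
        port = int(m.group(1)) if m else DEFAULT_AUTH_PORT
        m = re.search(r"\bkey (\S+)", line)
        key = m.group(1) if m else None
        if line.startswith("radius-server host "):
            hosts[words[2]] = (port, key)
        elif line.startswith("aaa group server radius "):
            section = "group"
        elif line == "radius-server local":
            section = "local"
        elif section == "group" and words[0] == "server":
            group[words[1]] = port
        elif section == "local" and words[0] == "nas":
            nas[words[1]] = key
    findings = []
    host_port, host_key = hosts.get(local_ip, (None, None))
    if host_port is None:
        findings.append(f"radius-server host: no entry for {local_ip}")
    elif host_port != LOCAL_AUTH_PORT:
        findings.append(f"radius-server host: auth-port {host_port}, expected {LOCAL_AUTH_PORT}")
    if group.get(local_ip, LOCAL_AUTH_PORT) != LOCAL_AUTH_PORT:
        findings.append(f"aaa group server: auth-port {group[local_ip]}, expected {LOCAL_AUTH_PORT}")
    if local_ip not in nas:
        findings.append(f"radius-server local: no nas entry for {local_ip}")
    elif nas[local_ip] != host_key:
        findings.append("radius-server local: nas key differs from radius-server host key")
    return findings
```

Run it against the output of show running-config on the root bridge, passing the address the AP uses to reach itself as local_ip; an empty list means none of these three faults is present.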